Thea Green: Former Palm Beach County Health Department clerk charged with stealing patient data
Ed Komenda, Sun Sentinel
2:12 PM, Jan 9, 2013
Deputies have arrested a 25-year-old woman they say leaked the personal information of patients at the Palm Beach County Health Department last summer.
In July 2012, Health Department officials fired Thea Green, of Royal Palm Beach, for allegedly stealing the Social Security numbers and dates of birth from department patrons and trying to mail the information to a known fraudster in Jacksonville.
Targeting patients born in the 1990s, Green collected the information of victims from Palm Beach, Martin and Miami-Dade counties, deputies say, as well as other states, including Maryland and Georgia.
Green landed in jail Saturday on numerous fraud charges in lieu of $18,000 bond, according to the Palm Beach County Sheriff's Office.
With a few key strokes and clicks of a mouse, Green, who had worked at the health department for six years, could access everything – and she did, deputies said.
She was fired after authorities discovered she had created a list of the names and Social Security numbers of at least 86 patients before trying to mail the data, which could be used in any number of ID scams. Green allegedly transcribed the information from digital files stored on a centralized computer system, then packaged the list to mail.
A suspicious UPS worker confiscated and inspected the package when Green tried to mail the parcel overnight for a hefty fee.
The package never hit the mail truck.
Though the list of information inside the package did not contain medical, bank account, credit card or other personal information, the Social Security numbers are enough to be used in schemes such as tax return fraud.
Detectives have suggested it wasn't the first time Green mailed personal information.
"There were additional names," Health Department spokesman Tim O'Connor told the Sun Sentinel in July. Some of those names, he added, were used in ID thefts or frauds, but the number of additional patients and nature of the alleged crimes against them is unknown.
Green had been trained, O'Connor said, to handle medical documents and understand HIPAA laws – which protect patients' medical and personal information from leaving the doctor's office.
All of the county's medical records are digitally filed on a central computer system programmed with firewalls that track users' every move. The firewall records the name of the user and the time and date he or she accessed the files.
After viewing computer records, officials said there was indication the employee tried to access patients' financial information.